Skip to main content
CVE-2023-1381 HIGH POC This Week

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization Wp Meta Seo
NVD WPScan
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-1406 HIGH POC This Week

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload WordPress Jetengine For Elementor
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-26860 HIGH POC This Week

SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Save Your Carts And Buy Later Or Send It
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28206 HIGH POC KEV THREAT This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +2
NVD
CVSS 3.1
8.6
EPSS
24.5%
CVE-2023-26067 HIGH POC THREAT This Week

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD GitHub
CVSS 3.1
8.1
EPSS
37.8%
CVE-2023-26986 HIGH POC This Week

An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oa Mailbox Pc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-26919 HIGH POC This Week

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Nashorn Sandbox
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-1970 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tpadmin
NVD VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-1425 HIGH POC This Week

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Groundhogg
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-28205 HIGH KEV THREAT This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Apple RCE Memory Corruption +4
NVD
CVSS 3.1
8.8
EPSS
27.1%
CVE-2023-1668 HIGH PATCH This Week

A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Open Vswitch Debian Linux Openshift Container Platform Openstack Platform +2
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2023-26466 HIGH This Week

A user with non-Admin access can change a configuration file on the client to modify the Server URL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Synchronization Engine
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26495 HIGH This Week

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29005 HIGH PATCH This Week

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Flask Appbuilder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26774 HIGH This Week

An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Sales Tracker Management System
NVD
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy